Scan Policies Analysis

StackHawk provides API endpoints for managing application scan policies.

Scan Policies define which vulnerability checks, or "plugins", are run when HawkScan tests a web application.

StackHawk and Application Scan Policies

There are two kinds of scan policies:

  • StackHawk Scan Policies: predefined, named policies, each containing a preconfigured subset of plugins. They are identified by name and include a DEFAULT policy, which defines the plugins HawkScan uses when it is run without a policy configured.

  • Application Scan Policies: customized scan policies created for a particular StackHawk application. Each one carries an applicationId that ties it to the corresponding StackHawk application.

Get details of StackHawk scan policies

You can view all the StackHawk scan policies with the All scan policies endpoint.

# input the auth token (export it from a file or secret store rather than typing it
# on the command line, so it stays out of shell history)
AUTH_JWT=<AUTH_JWT>
# request all StackHawk policies
# note the double quotes on the authorization header: inside single quotes
# $AUTH_JWT is not expanded and the literal text would be sent, giving a 401
curl --request GET \
     --url https://api.stackhawk.com/api/v1/policy/all \
     --header 'accept: application/json' \
     --header "authorization: Bearer $AUTH_JWT"

You can get the specific details of a named StackHawk scan policy with the Get StackHawk scan policy endpoint.

# input the auth token and policy name
AUTH_JWT=<AUTH_JWT>
SCAN_POLICY_NAME=DEFAULT
# request the named StackHawk policy (URL quoted so the query value is passed intact)
curl --request GET \
     --url "https://api.stackhawk.com/api/v1/policy?policyName=$SCAN_POLICY_NAME" \
     --header 'accept: application/json' \
     --header "authorization: Bearer $AUTH_JWT"

Each plugin in the returned list is marked as enabled or disabled; only the enabled plugins run when HawkScan uses that policy.

Assigning a StackHawk policy to an application

Assigning a StackHawk policy to an application sets the application's scans to use that predefined plugin list.
By default, new applications have a scan policy matching the DEFAULT policy.

With an Application ID you can get the currently assigned application scan policy.

# input the auth token and app id
AUTH_JWT=<AUTH_JWT>
APP_ID=<APP_ID>
# request the application's currently assigned scan policy
curl --request GET \
     --url "https://api.stackhawk.com/api/v1/app/$APP_ID/policy" \
     --header 'accept: application/json' \
     --header "authorization: Bearer $AUTH_JWT"

You can change it with the assign scan policy endpoint (a PUT), which replaces the application's plugin list with that of the named StackHawk policy. Compare the two policies' enabled plugins first, since assigning a policy can silently turn off checks the application currently runs.

# input the auth token, app id and scan policy name
AUTH_JWT=<AUTH_JWT>
APP_ID=<APP_ID>
SCAN_POLICY_NAME=DEFAULT
# assign the named StackHawk policy to the application
curl --request PUT \
     --url "https://api.stackhawk.com/api/v1/app/$APP_ID/policy/assign?policyName=$SCAN_POLICY_NAME" \
     --header 'accept: application/json' \
     --header "authorization: Bearer $AUTH_JWT"
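The whole procedure above (list the StackHawk policies, fetch the named one, fetch the application's current policy, compare, then assign) as one small client. This is an added example written for this page, not StackHawk's own SDK: the URLs and HTTP methods are the ones documented above, but the response schema that enabled_plugins() reads (a "plugins" list of objects with "id" and "enabled") is an assumption to confirm against the real API, and the two sample policies are constructed, not real API output. It also shows the two handling details the curl snippets gloss over: the token is read from the environment and sent only in the Authorization header, and query values are URL-encoded instead of interpolated.

```python
"""Minimal StackHawk scan-policy client built on the endpoints shown above.

Added example, not StackHawk's own SDK. The URLs and HTTP methods come from
the page; the response schema used by enabled_plugins() is an ASSUMPTION
(see its docstring) and the sample policies below are constructed, not real
API output.
"""
import json
import os
import sys
import urllib.parse
import urllib.request

API_BASE = "https://api.stackhawk.com/api/v1"


def build_request(method, path, token, query=None):
    """Build an authenticated request for the StackHawk API.

    The bearer token goes only in the Authorization header, never in the
    URL, so it cannot end up in proxy or web-server access logs. Query
    values are URL-encoded rather than pasted in as raw strings.
    """
    url = API_BASE + path
    if query:
        url += "?" + urllib.parse.urlencode(query)
    req = urllib.request.Request(url, method=method)
    req.add_header("accept", "application/json")
    req.add_header("authorization", "Bearer " + token)
    return req


def call(req):
    """Send the request and decode the JSON body (urlopen verifies TLS by default)."""
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)


def list_stackhawk_policies(token):
    return call(build_request("GET", "/policy/all", token))


def get_stackhawk_policy(token, name):
    return call(build_request("GET", "/policy", token, {"policyName": name}))


def get_app_policy(token, app_id):
    seg = urllib.parse.quote(app_id, safe="")   # app id is a path segment
    return call(build_request("GET", f"/app/{seg}/policy", token))


def assign_app_policy(token, app_id, name):
    seg = urllib.parse.quote(app_id, safe="")
    return call(build_request("PUT", f"/app/{seg}/policy/assign", token,
                              {"policyName": name}))


def enabled_plugins(policy):
    """Return the identifiers of plugins marked enabled in a policy document.

    ASSUMPTION (schema not given on the page): the policy JSON has a
    "plugins" list whose items carry an "id" and a boolean "enabled".
    """
    return {p["id"] for p in policy.get("plugins", []) if p.get("enabled")}


def diff_policies(current, target):
    """Plugins that assigning `target` would switch on or off versus `current`.

    Reviewing this before calling assign_app_policy() prevents silently
    dropping a check the application's current policy runs.
    """
    cur, tgt = enabled_plugins(current), enabled_plugins(target)
    return {"enabled_by_change": sorted(tgt - cur),
            "disabled_by_change": sorted(cur - tgt)}


# Constructed sample policies (not real API output) to exercise diff_policies().
SAMPLE_CURRENT = {"name": "app-policy", "plugins": [
    {"id": "xss-reflected", "enabled": True},
    {"id": "sqli", "enabled": True},
    {"id": "csrf-token", "enabled": False},
]}
SAMPLE_TARGET = {"name": "DEFAULT", "plugins": [
    {"id": "xss-reflected", "enabled": True},
    {"id": "sqli", "enabled": False},
    {"id": "csrf-token", "enabled": True},
    {"id": "path-traversal", "enabled": True},
]}


def main(argv):
    """Usage: STACKHAWK_JWT=... python client.py APP_ID POLICY_NAME [--apply]"""
    # token comes from the environment, not argv, so it is absent from `ps` and shell history
    token = os.environ["STACKHAWK_JWT"]
    app_id, name = argv[1], argv[2]
    current = get_app_policy(token, app_id)
    target = get_stackhawk_policy(token, name)
    print(json.dumps(diff_policies(current, target), indent=2))
    if "--apply" in argv:
        assign_app_policy(token, app_id, name)
        print(f"assigned {name} to {app_id}")


if __name__ == "__main__":
    main(sys.argv)
```

Run it once without --apply to see which plugins the assignment would turn on or off (for the constructed samples, assigning SAMPLE_TARGET over SAMPLE_CURRENT enables csrf-token and path-traversal and disables sqli), then rerun with --apply once the change is what you intend.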